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DETAILED ACTION 
Claim Rejections - 35 USC §103 

1 . The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

2. Claims 1-22 are rejected under 35 U.S.C. 103(a) as being unpatentable over Shi et al 
(hereinafter, 'Shi", 5,875,296) in view of Shrader et al (hereinafter, "Shrader", 6,374,359). 

As per claims 1,10 and 19, Shi discloses a method, an article of manufacture and an 
apparatus for de-authenticating from a first web server security realm protected by an 
authentication scheme lacking a de-authentication operation, the method comprising: 

• attempting to access a first resource in a first security realm protected by the 
authentication scheme (abstract and col. 8, lines 32-46); 

• receiving a request for authentication credentials in response to said attempting to access 
the first resource (abstract and col. 8, lines 32-46); and 

• supplying said authentication credentials in response to the request so as to become 
authenticated in the first security realm (abstract and col. 8, lines 32-46). 

However, Shi does not explicitly disclose: 

• accessing a logout resource in the first security realm, said logout resource configured to 
automatically authenticate with a second security realm on accessing thereof 

In an analogous art, Shrader discloses a dynamic use and validation of HTTP cookies for 
authentication including: 
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• accessing a logout resource in the first security realm, said logout resource configured to 
automatically authenticate with a second security realm on accessing thereof (coL 8, 
lines 4-32). 

Given the teaching of Shrader, it would have been obvious to one of ordinary skill in the art 
at the time the invention was made to modify Shi by implementing or incorporating a logoff 
routine in order to allow a user to logoff from the LDAP Cut without having to exit the web 
browser therefore providing a refresh page to be access by the user. 

As per claims 2, 11 and 20, Shi further discloses: 

• providing a common access point executing a web browser (abstract and col. 8, lines 32- 
46); and 

• first displaying a login web page of the second security realm so that a first user may 
authenticate with the first security realm and access the first resource, the login page 
comprising a login resource configured to perform said attempting to access the first 
resource (abstract and col. 8, lines 32-46); 

However, Shi does not exphcitly disclose: 

• second displaying the login web page of the second security realm responsive to said 
accessing the logout resource so that a second user may authenticate with the first 
security realm and access the first resource. 

In an analogous art, Shrader discloses a dynamic use and validation of HTTP cookies for 
authentication including: 
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• second displaying the login web page of the second security realm responsive to said 
accessing the logout resource so that a second user may authenticate with the first 
security realm and access the first resource (col. 8, lines 4-32). 

Given the teaching of Shrader, it would have been obvious to one of ordinary skill in the art 
at the time the invention was made to modify Shi by implementing or incorporating a logoff 
routine in order to allow a user to logoff from the LDAP Cut without having to exit the web 
browser therefore providing a refresh page to be access by the user. 

As per claims 3 and 12, Shi discloses the invention substantially as claimed as discuss 
above. 

However, Shi does not explicitly disclose: 

• wherein the logout resource execute a script configured to authenticate a user with the 
second security realm. 

In an analogous art, Shrader discloses a dynamic use and validation of HTTP cookies for 
authentication including: 

• wherein the logout resource execute a script configured to authenticate a user with the 
second security realm (col. 8, lines 4-32). 

Given the teaching of Shrader, it would have been obvious to one of ordinary skill in the art 
at the time the invention was made to modify Shi by implementing or incorporating a logoff 
routine in order to allow a user to logoff from the LDAP Cut without having to exit the web 
browser therefore providing a refresh page to be access by the user. 

As per claims 4 and 13, Shi discloses the invention substantially as claimed as discuss 
above. 
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However, Shi does not explicitly disclose: 

• wherein the logout resource comprises a web page element comprising a link to the 
script (col. 8, lines 4-32); and 

• wherein the web page element incorporates authentication credentials for the second 
security realm so that the user need not to provide authentication to access the second 
security realm (col. 8, lines 4-32). 

Given the teaching of Shrader, it would have been obvious to one of ordinary skill in the art 
at the time the invention was made to modify Shi by implementing or incorporating a logoff 
routine in order to allow a user to logoff from the LDAP Cut without having to exit the web 
browser therefore providing a refresh page to be access by the user. 

As per claims 5 and 14, Shi discloses: 

• wherein the authentication scheme comprises HTTP basic authentication (abstract, col. 
1, hnes 10-17, lines 61-63 and col. 3, lines 17-21). 

As per claims 6, 15 and 21, Shi discloses a method, an article of manufacture and an 
apparatus for de-authenticating from an HTTP basic authentication comprising: 

• attempting to access a first resource in a first security realm protected by HTTP basic 
authentication (abstract and col. 8, lines 32-46); 

• responsive to said attempting to access, receiving an authentication request for 
controUing access to the first resource (abstract and col. 8, lines 32-46); 

• supplying authentication credentials responsive to said authentication request so as to 
authenticate with the first security realm (abstract and col. 8, lines 32-46); 

However, Shi does not expUcitly disclose: 
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• accessing a second resource in the first security realm (col. 8, lines 4-32); and 

• responsive to said accessing the second resource, automatically authenticating with a 
second security realm (col. 8, lines 4-32). 

Given the teaching of Shrader, it would have been obvious to one of ordinary skill in the art 
at the time the invention was made to modify Shi by implementing or incorporating a logoff 
routine in order to allow a user to logoff from the LDAP Cut without having to exit the web 
browser therefore providing a refresh page to be access by the user. 

As per claims 7 and 16, Shi discloses; 

• wherein said authenticating with the second security realm invalidates a prior 
authentication with the first security realm (col. 9, lines 1 1-22). 

As per claims 8 and 17, Shi further discloses: 

• displaying a login element within a web browser, the login element configures to access 
the first resource upon activation thereof (abstract and col. 8, lines 32-46). 

As per claims 9, 18 and 22, Shi further discloses: 

a. authenticating a first user with the first security realm (col. 9, hues 1 1-22); 
However, Shi does not explicitly disclose: 

• displaying a logout element within the web browser for performing said automatically 
authenticating with the second security realm (col. 8, lines 4-32); and 

within a single browser session: 

b. authenticating the first user with the second security realm so as to de-authenticate 
the first user from the first security realm (col 8, lines 4-32); and 

c. authenticating a second user with the first security realm (col 8, lines 4-32). 
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Given the teaching of Shrader, it would have been obvious to one of ordinary skill in the art 
at the time the invention was made to modify Shi by implementing or incorporating a logoff 
routine in order to allow a user to logoff from the LDAP Cut without having to exit the web 
browser therefore providing a refresh page to be access by the user. 

Conclusion 

3, The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 
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